CompTIA Security Plus Mock Test Q205

Which of the following technical controls is BEST used to define which applications a user can install and run on a company issued mobile device?

A. Authentication
B. Blacklisting
C. Whitelisting
D. Acceptable use policy


Correct Answer: C
Section: Compliance and Operational Security

Explanation:
White lists are closely related to ACLs and essentially, a white list is a list of items that are allowed.

Incorrect Answers:
A: Authentication is always required when applications are installed and uninstalled and to log in to an application.
B: Black lists are exactly the opposite of white lists in that it is essentially a list of items that are not allowed.
D: Acceptable use policy describe how the employees in an organization can use company systems and resources, both software and hardware.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 24, 221
http://searchsecurity.techtarget.com/definition/application-whitelisting